ABSTRACT


In this work we study key establishment for secure many-to-many communications. The problem is inspired by the rapid growth of large-scale distributed file systems supporting parallel access to multiple storage devices. We focus on the current Internet standard for such file systems, i.e., the parallel Network File System (pNFS), which makes use of Kerberos key exchange protocols to establish parallel session keys between clients and storage servers. Our study of the existing Kerberos protocol shows that it has a number of limitations: (i) a metadata server providing key exchange among the clients and the storage devices has a heavy workload that limits the scalability of the protocol; (ii) the protocol cannot provide forward secrecy; (iii) the metadata server generates all the session keys for securing communication between clients and storage devices, and this inadvertently leads to key escrow. In this paper, we put forward three different authenticated key exchange protocols that are designed to address the above issues. We prove that our protocols are capable of reducing up to almost 50% of the workload of the metadata server while at the same time supporting forward secrecy and escrow prevention. All this requires only a small fraction of increased computation overhead at the client.

KEYWORDS: Parallel network sessions; fully encrypted authenticated key exchange; network file systems; forward secrecy; key escrow; protocols.


Copyright  © 2016  International  Journal  for  Modern  Trends  in  Science  and  Technology 
All  rights  reserved. 


I.  Introduction 

In a parallel file system, file data is distributed across multiple storage nodes to allow simultaneous access by many different functions of a parallel application [7]. This is frequently used in large-scale cluster computer networks that concentrate on increased performance and easy, error-free access to large data stores. That is, higher I/O bandwidth is achieved through simultaneous access to multiple storage units inside the large compute clusters, while data loss is prevented by data duplication using fault-tolerant striping algorithms [1].

In this work, we analyze the issues of secure many-to-many communications in large-scale network file systems which facilitate parallel access to multiple storage servers. We examine a communication system where there are a large number of clients (possibly hundreds or thousands) accessing multiple remote and distributed storage servers (which may also number in the hundreds or thousands) in parallel.

In this paper, we look at how to exchange key parameters and build parallel secure sessions between the clients and the storage servers in the parallel Network File System (pNFS) [6]. The development of pNFS is driven by NetApp, Panasas, Sun, IBM, EMC and UMich/CITI, and thus it shares many common features and is compatible with many of the present commercial proprietary network file systems. The primary goal here is to design an efficient and secure fully encrypted authenticated key exchange protocol that meets the unique requirements of pNFS. The main aim is to achieve desirable properties such as scalability, forward secrecy and escrow prevention. This paper proposes three different fully encrypted authenticated key exchange protocols which are efficient enough to




Exchange  Protocols  on  Network  File  Systems  Using  Parallel  Sessions  Authenticated  & Improved  Keys 


reduce the workload of the metadata server by up to 90% while simultaneously providing forward secrecy and escrow prevention [3]. This is achieved at the cost of some increased computation overhead at the client. We define an appropriate security model and prove that our protocols are efficient and fit for this purpose in the model.

pNFS separates file system protocol management into two parts: metadata management and data management. Metadata is the information about a file system object, such as its name, location within the namespace, byte storage area, owner permissions and other attributes.

pNFS comprises a collection of three protocols: (i) the pNFS protocol, which transfers the file metadata layout between the metadata server and a client; (ii) the storage access protocol, which describes how a client accesses data from the respective storage servers according to the corresponding metadata; and (iii) the control protocol, which synchronizes the metadata server and the storage servers.

II.  Related  Work 

Telecare Medical Information Systems (TMIS) offer a successful approach to enhancing the restorative system between specialist doctors, attendants and patients. To improve the security and protection of TMIS, it is vital that a patient and a specialist doctor can perform mutual authentication and session key establishment using a 3-party medical server while the secure information of the patient is guaranteed. The proposed procedure uses an anonymous three-party password-authenticated key exchange (3PAKE) protocol for TMIS. The protocol is based on the efficient elliptic curve cryptosystem. For security, we apply the pi-calculus-based formal verification tool ProVerif to show that our 3PAKE protocol for TMIS can provide anonymity to the patient and the specialist doctor and also achieve mutual authentication and session key secrecy.

Authenticated key exchange secure against dictionary attacks by M. Bellare, D. Pointcheval, and P. Rogaway [7]. Password-based protocols for authenticated key exchange (AKE) are designed to work despite the use of passwords drawn from a space so small that an adversary might well guess, off line, all possible passwords. While several such protocols have been suggested, the underlying theory has been lagging. The authors start by designing a model for this problem, one effective enough to deal with password enumeration, forward secrecy, server compromise, and loss of session keys. The one model can be used to define various goals. The authors use AKE (with “implicit” authentication) as the “basic” goal, and they give definitions for it and for entity-authentication tasks as well. Then they prove correctness for the idea at the centre of the Encrypted Key-Exchange (EKE) protocol by Bellovin and Merritt: they prove security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.

Analysis  of  key-exchange  protocols  and  their  use 
for  building  secure  channels  by  Ran  Canetti  and 
Hugo  Krawczyk  [11]. 

In this paper the authors put forward a formalism for the analysis of key-exchange protocols that substantiates previous definitional approaches and results in a definition of security that enables some vital analytical advantages: (a) any key-exchange protocol that fulfils the security definition can be composed with symmetric encryption methods and authentication procedures to provide provably secure communication channels (as defined here); and (b) the definition permits simple modular proofs of security: one can design and prove security of key-exchange protocols in an ideal model where the communication links are clearly authenticated, and then translate them using general tools to achieve security in the realistic setting of adversary-controlled links. This paper adopts a procedural approach to the analysis of key-exchange protocols. They follow the approach of adversarial modelling.

Authenticated Key Exchange Protocols for Parallel Network File Systems, published by Hoon Wei Lim and Guomin Yang [10].

In this paper they discuss the problem of key authentication for secure many-to-many communications. The problem is inspired by the enormous growth of large-scale distributed file systems supporting parallel access to multiple storage devices. Their work targets the current Internet standard for such file systems, i.e., the parallel Network File System (pNFS), which makes use of Kerberos protocols to establish parallel session keys between clients and storage devices. They overcome the following limitations of pNFS: (i) a metadata server providing key exchange between the clients and the storage units has a heavy workload that limits the scalability of the protocol; (ii) the protocol does not provide forward secrecy; (iii) the metadata server itself produces all the session keys that are used between the clients and storage systems, and this intrinsically leads to key escrow. The noted disadvantage of this system is that some of the key materials and layouts are sent without encryption, which may lead to information leakage.

III.  Existing  System 

Independent of the advancement of cluster and high-performance computing, the emergence of clouds and the MapReduce programming model has produced file systems such as the Hadoop Distributed File System (HDFS), Amazon S3 File System, and Cloud-Store. This, in turn, has increased the use of distributed and parallel computation on large datasets in many organizations.

Some of the past work on securing large distributed file systems has, for example, already employed Kerberos for carrying out authentication and enforcing access control. Kerberos, being based mostly on symmetric key techniques in its early implementation, was generally believed to be more suitable for rather closed, well-connected distributed environments.

On the other hand, data grids and file systems such as OceanStore, LegionFS and FARSITE make use of public key cryptographic methods and public key infrastructure (PKI) to perform cross-domain user authentication.

3.1  Disadvantages 

The current design of NFS/pNFS concentrates on interoperability, instead of efficiency and scalability, of the various mechanisms that provide basic security. However, key establishment between a client and multiple storage devices in pNFS is based on that for NFS; that is, it is not designed specifically for parallel communications. Hence, the metadata server performs the following functions: (i) processing access requests to storage devices (by granting valid layouts to authenticated and authorized clients), and (ii) generating all the corresponding session keys that the client needs to communicate securely with the storage systems to which it has been granted access.

Consequently, the metadata server may become a performance bottleneck for the file system. Moreover, such a protocol design leads to key escrow. Hence, in fact, the server can learn all information exchanged between a client and a storage device. This, in turn, makes the server an attractive target for attackers.

Another disadvantage of the current approach is that past session keys can be revealed if a storage unit's long-term key shared with the metadata server is compromised. We firmly believe that this is a real threat, since a large file system may have thousands of geographically distributed storage devices. It may not be practicable to provide high physical security and network protection for all the storage devices. In short, the disadvantages are:

• Devices have a heavy workload that limits the scalability of the protocol.

• The protocol is not able to provide forward secrecy.

• The metadata server itself produces all the session keys that are used between the clients and storage devices, and this intrinsically leads to key escrow.

3.2  Existing  Kerberos  pNFS 

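(1) $C \to M : ID_C$

(2) $M \to C : E(K_C; K_{CT}),\ E(K_T; ID_C, t, K_{CT})$

(3) $C \to T : ID_{S_1}, \ldots, ID_{S_n},\ E(K_T; ID_C, t, K_{CT}),\ E(K_{CT}; t, ID_C)$

(4) $T \to C : \sigma_1, \ldots, \sigma_n,\ E(K_{MS_1}; ID_C, t, sk_1), \ldots, E(K_{MS_n}; ID_C, t, sk_n),\ E(K_{CT}; sk_1, \ldots, sk_n)$

(5) $C \to S_i : \sigma_i,\ E(K_{MS_i}; ID_C, t, sk_i),\ E(sk_i; t, ID_C)$

(6) $S_i \to C : E(sk_i; t + 1)$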

IV.  Proposed  System 

Our primary goal in the proposed system is to design efficient and secure authenticated key exchange protocols that meet the specific security and scalability requirements of pNFS.

The main results of this paper are three new proven secure fully encrypted authenticated key exchange protocols. Our protocols, progressively designed to achieve each of the above properties, demonstrate the balance between efficiency and security.

We show that our protocols can reduce the workload of the metadata server by approximately 50% compared to the present Kerberos-based protocol, while achieving the desired security qualities such as forward secrecy, key escrow prevention and key data security (by full symmetric key encryption of the key materials and layouts, which contain the client identity and the file mapping information needed to directly access the byte range location at the storage server), and keeping the computational overhead at the clients and the storage devices at a reasonably low level.

All the information exchanged in connection with the establishment of secure and efficient communication between the client, file servers and metadata server is encrypted with symmetric key encryption. Thus the process is almost safe from adversary attacks.

4.1  Proposed  protocols 

4.1.1 pNFS-FEAKE I

This is a modified version of Kerberos in which the client generates its own session keys. Symmetric key encryption is used to protect information. There is no forward secrecy, and the key escrow problem also exists.

Phase I - For each validity period v:

(1) $C \to M : E(K_{CM}; ID_C, K_{CS_1}, \ldots, K_{CS_n})$

(2) $M \to C : E(K_{MS_1}; ID_C, ID_{S_1}, v, K_{CS_1}), \ldots, E(K_{MS_n}; ID_C, ID_{S_n}, v, K_{CS_n})$

Phase II - For every access request during time t:

(1) $C \to M : E(K_{CM}; ID_C, ID_{S_1}, \ldots, ID_{S_n})$

(2) $M \to C : E(K_{CM}; \sigma_1, \ldots, \sigma_n)$

(3) $C \to S_i : E(K_{MS_i}; \sigma_i, ID_C, ID_{S_i}, v, K_{CS_i}),\ E(sk_i^{0}; ID_C, t)$

(4) $S_i \to C : E(sk_i^{0}; t + 1)$

4.1.2 pNFS-FEAKE II

By applying Diffie-Hellman key agreement in pNFS-FEAKE I, we can solve key escrow and implement partial forward secrecy. The session key is produced from the client and server Diffie-Hellman components. After the time period v, all the key components are deleted. In this system the compromise of a long-term key can expose the session keys used in the time period v, but the past session keys from elapsed time periods cannot be accessed by an adversary.

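Phase I - For each validity period v:

(1) $S_i \to M : E(K_{MS_i}; ID_{S_i}, g^{s_i})$

(2) $C \to M : E(K_{CM}; ID_C, g^{c})$

(3) $M \to C : E(K_{CM}; g^{s_1}, \ldots, g^{s_N}),\ \tau(K_{MS_1}; ID_C, ID_{S_1}, v, g^{c}, g^{s_1}), \ldots, \tau(K_{MS_N}; ID_C, ID_{S_N}, v, g^{c}, g^{s_N})$

Phase II - For every access request during time t:

(1) $C \to M : E(K_{CM}; ID_C, ID_{S_1}, \ldots, ID_{S_n})$

(2) $M \to C : E(K_{CM}; \sigma_1, \ldots, \sigma_n)$

(3) $C \to S_i : \tau(K_{MS_i}; \sigma_i, g^{c}, ID_C, ID_{S_i}, v, g^{c}, g^{s_i}),\ E(sk_i^{0}; ID_C, t)$

(4) $S_i \to C : E(sk_i^{0}; t + 1)$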

4.1.3 pNFS-FEAKE III

This is the most advanced protocol, in which we have achieved all the desirable qualities of a pNFS.

Phase I - For each validity period v:

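(1) $S_i \to M : E(K_{MS_i}; ID_{S_i}, g^{s_i})$

(2) $C \to M : E(K_{CM}; ID_C, g^{c})$

(3) $M \to C : E(K_{CM}; g^{s_1}, \ldots, g^{s_N})$

(4) $M \to S_i : E(K_{MS_i}; ID_{S_i}, ID_C, v, g^{c}, g^{s_i})$

Phase II - For every access request during time t:

(1) $C \to M : E(K_{CM}; ID_C, ID_{S_1}, \ldots, ID_{S_n})$

(2) $M \to C : E(K_{CM}; \sigma_1, \ldots, \sigma_n)$

(3) $C \to S_i : E(sk_i^{j,0}; \sigma_i, ID_C, t)$

(4) $S_i \to C : E(sk_i^{j,0}; t + 1)$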

4.2 Advantages

The proposed system pNFS-FEAKE III achieves the following four desirable properties.

• Scalability - the metadata server supporting access requests from a client to multiple storage devices should bear as little workload as possible, such that the server does not become a performance bottleneck but is capable of supporting a very large number of clients.

• Forward secrecy - the protocol should ensure the security of past session keys when the long-term secret key of a client or a storage device is compromised.

• Key escrow prevention - the metadata server should not learn any information about any of the session keys generated and used by the client and the storage servers, provided there is no collusion among them.

• All the communications between the metadata server, clients and parallel file servers are fully encrypted to protect the information during transit.

V.  Implementation 

Client - C1, C2, C3, ...; Metadata Server - M; Storage servers - S1, S2, S3, ..., Sn.

5.1 Establishment of secure channels between Client and Metadata server

• Obtain the metadata server's certificate.

• Verify that it is signed by a trusted CA.

• Generate a random symmetric session key.

• Encrypt the session key with the metadata server's public key.

• Send the encrypted key to the metadata server.

5.2 Establishment of secure communication between clients and parallel servers with the help of the Metadata server

Phase 1 - for each validity period v

a) Each storage server distributes some key material to the metadata server. Each $S_i$ generates a Diffie-Hellman key component $g^{s_i}$, which is forwarded to and stored by the metadata server.
$S_i \to M : E(K_{MS_i}; ID_{S_i}, g^{s_i})$

b) Similarly, the client generates its Diffie-Hellman key component $g^{c}$ and sends it to the metadata server.
$C \to M : E(K_{CM}; ID_C, g^{c})$

c) M sends C the key components of all N storage servers that it may access within a period v.
$M \to C : E(K_{CM}; g^{s_1}, \ldots, g^{s_N})$

d) M also sends the client's Diffie-Hellman component $g^{c}$ to each $S_i$.
$M \to S_i : E(K_{MS_i}; ID_C, ID_{S_i}, v, g^{c}, g^{s_i})$
After this stage, C and $S_i$ are able to agree on a Diffie-Hellman value $g^{cs_i}$.

e) C and $S_i$ set $F_1(g^{cs_i}, ID_C, ID_{S_i}, v)$ as their initial shared secret state $K^{0}_{CS_i}$.

Phase 2 - for each access request at time t

a) C submits an access request to M which contains the identities of all storage devices $S_i$.
$C \to M : E(K_{CM}; ID_C, ID_{S_1}, \ldots, ID_{S_n})$

b) M issues the layouts $\sigma_i$ (a layout contains the client's identity, file object mapping information and access permissions).
$M \to C : E(K_{CM}; \sigma_1, \ldots, \sigma_n)$

c) C establishes a secure session with $S_i$ by computing the session key $sk_i^{j,z}$:
$sk_i^{j,z} = F_2(K^{j-1}_{CS_i}; ID_C, ID_{S_i}, j, \mathrm{sid} = z)$, $z = 0, 1$
C sends the encrypted layout, identity and time to $S_i$.
$C \to S_i : E(sk_i^{j,0}; \sigma_i, ID_C, t)$

d) $S_i$ decrypts the encrypted message and checks whether the layout and $ID_C$ match the identity of C and whether t is within the current validity period v.

e) If all previous checks pass, $S_i$ replies to C with a key confirmation message using key $sk_i^{j,0}$.

f) Both C and $S_i$ then update their internal shared secret state to $K^{j}_{CS_i}$.
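
The key schedule of Phase 1 step e) and Phase 2 steps c) and f) above can be traced in code. The following Python block is an added example, not code from the paper: it assumes HMAC-SHA256 in place of F1 and F2, a toy Diffie-Hellman group, the update rule K^j = F1(K^{j-1}, j), and the hypothetical names prf, Endpoint and demo.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group constructed for this example: prime 2**255 - 19,
# generator 2. A deployment would use a standardised group instead.
P = 2**255 - 19
G = 2


def prf(key: bytes, *fields) -> bytes:
    """HMAC-SHA256 over length-prefixed fields; stands in for F1 and F2 (assumption)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        data = field if isinstance(field, bytes) else str(field).encode()
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()


class Endpoint:
    """One end (C or S_i) of a client/storage-server pair in validity period v."""

    def __init__(self, id_c: str, id_s: str, v: int):
        self.id_c, self.id_s, self.v = id_c, id_s, v
        self._x = secrets.randbelow(P - 3) + 2  # secret exponent c or s_i
        self.public = pow(G, self._x, P)        # g^c or g^{s_i}, relayed via M
        self.state = None                       # K^{j-1}_{CS_i}
        self.j = 0

    def phase1(self, peer_public: int) -> None:
        # Step e): K^0 = F1(g^{c s_i}, ID_C, ID_Si, v).
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate Diffie-Hellman component")
        shared = pow(peer_public, self._x, P).to_bytes(32, "big")
        self.state = prf(b"F1", shared, self.id_c, self.id_s, self.v)
        self._x = None  # drop the exponent; only the derived state is kept

    def next_session_keys(self):
        # Step c): sk^{j,z} = F2(K^{j-1}; ID_C, ID_Si, j, z) for z = 0, 1.
        self.j += 1
        keys = tuple(prf(self.state, b"F2", self.id_c, self.id_s, self.j, z)
                     for z in (0, 1))
        # Step f): move to K^j and discard K^{j-1}. The rule K^j = F1(K^{j-1}, j)
        # is an assumption; the page names the new state but not its derivation.
        self.state = prf(self.state, b"F1-update", self.j)
        return keys


def demo():
    """Run Phase 1 once and two access requests; return both sides' keys."""
    client, server = Endpoint("C1", "S1", v=7), Endpoint("C1", "S1", v=7)
    # M relays only g^c and g^{s_1}; it never holds an exponent or K^0.
    client.phase1(server.public)
    server.phase1(client.public)
    first = (client.next_session_keys(), server.next_session_keys())
    second = (client.next_session_keys(), server.next_session_keys())
    return first, second
```

A state captured after the second request is K^2 only; the earlier K^0 and K^1 have been overwritten, so the session keys of requests 1 and 2 cannot be re-derived from it without inverting the hash.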

VI.  Conclusion 

We put forward three authenticated key exchange protocols for the parallel network file system (pNFS). The four main advantages offered by the proposed system over the existing Kerberos-based protocol are: (i) the metadata server using our protocols has a much lower workload than that of the Kerberos-based approach; (ii) the second and third protocols provide forward secrecy: one is partially forward secure, while the other is fully forward secure; (iii) the third protocol provides not only forward secrecy but also key escrow prevention; (iv) as all the communications between the entities are fully encrypted, unauthorized access to information or key material can be prevented.
